The information below is meant for developers of the OpenTDF platform.
For end-users/consumers, see here.
Note
Migrations are handled automatically by the server. This can be disabled via the config file, as
needed. They can also be run manually using the migrate
command
(go run github.com/opentdf/platform/service migrate up
).
- Configure KAS and Keycloak keys:
.github/scripts/init-temp-keys.sh
. Creates temporary keys for the local KAS and Keycloak Certificate Exchange. docker compose up
. Starts both the local Postgres database (contains the ABAC policy configuration data) and Keycloak (the local IdP).- Note: You will have to add the
localhost.crt
as a trusted certificate to do TLS authentication atlocalhost:8443
.
- Note: You will have to add the
- Create an OpenTDF config file:
opentdf.yaml
- The
opentdf-dev.yaml
file is the more secure starting point, but you will likely need to modify it to match your environment. This configuration is recommended as it is more secure but it does require valid development keypairs. - The
opentdf-core-mode.yaml
file is simpler to run but less secure. This file configures the platform to startup without a KAS instances, without a built-in ERS instance, and without endpoint authentication.
- The
- Provision keycloak:
go run github.com/opentdf/platform/service provision keycloak
. Updates the local Keycloak configuration for local testing and development by creating a realm, roles, a client, and users. - Run the server:
go run github.com/opentdf/platform/service start
. Runs the OpenTDF platform capabilities as a monolithic service.- Alt use the hot-reload development environment
air
- Alt use the hot-reload development environment
- The server is now running on
localhost:8080
(or the port specified in the config file)
Note: support was added to provision a set of fixture data into the database.
Run go run github.com/opentdf/platform/service provision fixtures -h
for more information.